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PENDIN G CLAIMS 

1. (Previously amended) An apparatus for centrally managing a computer network, 

including: 

maintaining a central database of all NASes known to the computer network; and 
broadcasting a message to a NAS list located at each POP in the computer network 

whenever said central database is changed, said message containing information regarding the 

change. 

2. (Original) The method of claim 1, wherein all of said NASes known to the computer 
network are all NASes within the computer network which have been chosen as being valid 

3. (Original) The method of claim 1, wherein said maintaining is performed by a Network 
Control Console. 

4. (Original) The method of claim 3, wherein said Network Control Console is a graphical 
interface. 

5. (Original) The method of claim 1, wherein said maintaining includes adding NASes, 
deleting NASes, and modifying the entries of NASes in said central database as the need arises. 

6. (Original) The methodof claim 1, wherein said broadcasting is performed automatically 
by a broker whenever a change to said central database is made. 
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7. (Original) The method of claim 1. wherein said broadcasting includes publishing a 
broker event via a broker. 

8. (Original) A method for locally processing an access request at a Points-Presence 
(PoP) in a computer network having other PoPs, said access request received from a NAS, the 

method including; 

accessing a list of network access servers (NASes) known to the PoP and the computer 
network, said list located locally at the PoP; and 

vaUdating that said access request was received from a known entity by determining if an 
entry exists in said list for the NAS from which the access request was received. 

9. (Original) The method of claim 8, further including retrieving a user record from a 
database of user records located locally at said PoP, said database of user records containing 
records for only those users who have been identified as having the PoP as their home PoP. 

10. (Original) The method of claim 8, wherein each entry in said list contains a field 
identifying a NAS and a field identifying a dictionary of attributes supported by the 

corresponding NAS. 

11. (Original) The method of claim 10, wheiein said dictionary of attributes is a RADIUS 
dictionary. 

12. (Original) The method of claim 8, wherein said each entry in said list contains fields for: 
a domain name of a NAS; 
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a vendor name of said NAS; 

a shared secret between all known NASes and AAA servers in the network; and 

a dictionary name, said dictionary name indicating a dictionary of attributes supported by 

said NAS. 

13. (Original) The method of claim 12, wherein said validating further includes validating 
that said access request was received from a known entity by determining if the domain name 
that the access request was received from matches the domain name field of any entry in said list. 

14. (Original) Themethodof claim 13, wherein said validating further includes examining 
whether a password supplied with said access request matches the shared secret field of a 
corresponding entry in said list if the domain name that the access request was received from 
matches the domain name field of any entry in said list 

15. (Original) The method of claim 12, wherein said dictionary of attributes is a standard 
RADIUS dictionary. 

16. (Original) The method of claim 8, wherein said accessing and validating are performed 
by an Authentication, Authorization, and Accounting (AAA) server. 

17. (Original) The method of claim 8, further including subscribing to a broker event to 
update said list whenever a NAS known to the computer network is added, deleted, or modified. 



18. (Previously amended) A method for handling an access request at a PoP, 

4 

Received from < 4082878040 > at 6/16/03 4:04:29 PM [Eastern Daylight Time] 



06H6-03 01 :02pm From-TholBn.RBicUPriast LLP 4082878040 T-067 P-006/020 F-276 

Docket No- CISCO-1340 

request generated by a use. logging on to .aid PoP, said user having a home PoP, the method 

including: 

accessing a list of network access servers (NASes) known to the PoP and a computer 
network containing the PoP, said list located locally at the PoP; 

validating that said access request was received from a known entity by determining if an 
entry exists in said list for the NAS from which the access request was received; 

determining if said user's home PoP is said PoP; 

forwarding said access request to an AAA server located at said PoP if said user's home 
PoP is said PoP; and 

relaying said access request to said user's home PoP if said user's home PoP is not said 

PoP. 

19. (Original) The method of claim 18, wherein said determining, forwarding, and relaying 
are performed by a Protocol Gateway. 



a user 



20. (Original) The method of claim 18, wherein said determining includes examining 
name entered by said user. 



21 . (Original) The method of claim 20, wherein said determining further includes parsing 
said user name to reveal a PoP location indicated within said user name. 

22. (Original) The method of claim 21, wherein said PoP location indicated within said user 
name is a city name as a prefix to said user name. 
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23. (Original) ThndWoftott^^M^^*^"" 

nameis an abbreviation for.acitvname contained within a domain affixed to the of 

said user name. 

24. (Original) He methodof claim 20, wherein said determining tether taclndes parsing 
said nser nan* to reveal a domain name. said domain name indicating an ISP in control of said 

home PoP. 

25. (Original) An apparatus for centrally managing a computer network including: 
a central NAS list maintainer; 

a NAS list broadcaster coupled to said central NAS lisrmaintainer and coupled to said 
computer network. 

26. (Original) The apparatus of claim 25, wherein said central NAS list maintainer and said 
NAS list broadcaster are contained within a Network Control Console. 

27. (Original) The apparatus of claim 25, wherein said central NAS list maintainer is 
coupled to a central NAS list, said central NAS list containing entries for each NAS known to the 
computer network. 

28. (Original) The apparatus of claim 27, wherein each NAS known to the computer network 
is a NAS which has been chosen as being valid. 
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29. (Original) The apparatus of claim 25, wherein said NAS list broadcaster is coupled 

broker. 



30. (Original) An apparatus for locally processing an access request at a PoP in a computer 
network having other PoPs, said access request received from a NAS, the apparatus including: 

a memory configured to store a NAS list, said NAS list containing entries on each NAS 
known to the PoP and the computer network and located locally at the PoP; 

a NAS list accessor coupled to said NAS list; and 

an access request validator coupled to saidNAS list accessor. 

31. (Original) The apparatus of claim 30, further including: 

a user record database located locally at said PoP, said user record database containing 
records for only those users who have been identified as having the PoP as their home PoP; and 

a user record retriever coupled to said user record database and coupled to said access 
request validator. 

32. (Original) The apparatus of claim 30, wherein each entry in said NAS list contains a field 
identifying a NAS and a field identifying a dictionary of attributes supported by the 
corresponding NAS. 

33. (Original) The apparatus of claim 32, wherein said dictionary of attributes is a RADIUS 
dictionary. 



7 

Received from < 4032878040 > at 6/16/03 4:04:29 PM [Eastern Daylight Time] 



0H6-03 01 :02po Froct-Thsl en ,Ra i d.&Pr i est LLP 4082878040 T-067 P. 009/020 F-276 

Docket No. CISCO-1340 

34. (Original) The apparatus of claim 30, wherein said each entry in said list contains fields 

for: 

a domain name of a NAS; 
a vendor name of said NAS; 

a snared secret between all known NASes and AAA servers in the network; and 
a dictionary name, said dictionary name indicating a dictionary of attributes supported by 
said NAS. 



35. (Original) The apparatus 
RADIUS dictionary. 



of claim 33, wherein said dictionary of attributes is a standard 



36. (Original) The apparatus of claim 30, wherein said NAS list accessor and said access 
request validator are contained in an Authentication, Authorization, and Accounting (AAA) 



server. 



37. (Original) The apparatus of claim 30, further including: 
a broker event subscriber coupled to said NAS list. 

38. (Previously amended) An apparatus for handling an access request at a PoP, said access 
request generated by a user logging on to said PoP, said user having a home PoP, the apparatus 
including: 

a memory configured to store a NAS list, said NAS list containing entries on each NAS 
known to the PoP and a computer network containing the PoP, and located locally at the PoP; 
a NAS list accessor coupled to said NAS list; 
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an access request validator coupled to said NAS list accessor, 
a user home PoP determiner; and 

an access request forwarder coupled to said user home PoP determiner, said access 
request forwarder coupled to an AAA server if the PoP is said user's home PoP and coupled 
computer network if the PoP is no said usefs home PoP. 

39. (Original The apparatus of claim 38, wherein said user home PoP determiner and said 
access request forwarder are contained within a Protocol Gateway. 

40. (Original) A program storage device readable by a machine, tangibly embodying a 
program of instructions executable by the machine to perform a method for centrally managing a 
computer network, the method including: 

maintaining a central database of all NASes known to the computer network; and 
broadcasting a message to a NAS list located at each POP in the computer network 

whenever said central database is changed, said message containing information regarding the 

change. 

41. (Original) A program storage device readable by a machine, tangibly embodying a 
program of instructions executable by the machine to perform a method for locally processing an 
access request at a Point-of-Presence (PoP) in a computer network having other PoPs, said access 
request received from a NAS, the method including: 

accessing a list of network access servers (NASes) known to the PoP and the computer 
network, said list located locally at the PoP; and 
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validating that said access request was received from a known entity by determining if an 
entry exists in said list for the NAS from which the access request was received. 

42. (Previously amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for 
handling an access request at a PoP, said access request generated by a user logging on to said 
PoP, said user having a home PoP, the method including: 

accessing' a list of network access servers (NASes) known to the PoP and a computer 
network containing the PoP, said list located locally at the PoP; 

validating that said access request was received from a known entity by determining if an 
entry exists in said list for the NAS from which the access request was received; 

detennirung if said user's home PoP is said PoP; 

forwarding said access request to an AAA server located at said PoP if said user's home 
PoP is said PoP; and 

relaying said access request to said user's home PoP if said user's home PoP is not said 

PoP. 

43. (Previously added) An apparatus for centrally managing a computer network, including: 
means for maintaining a central database of all NASes known to the computer network; 

and 

means for broadcasting a message to a NAS list located at each POP in the computer 
network whenever said central database is changed, said message containing information 
regarding the change. 
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44. (P^y added) lt .*^*^*«^*'*'»«**'*° m »** 

valid- 

«. (Previously added) map P aran B rtcWm43. W he t ei» S aidme» S formai nU inin g isa 

Network Control Console- 

46. (Previous* added) The apparatus of claim 45, when*, said Network Control Console 

is a graphical interface. 

47. (Previously added) The apparatus of claim 43, wherein said means for maintaining 
includes means for adding NASes, deleting NASes, and modifying the entries of NASes in said 
central database as the need arises. 

48. (Previously added) The apparatus of claun 43, whemn said broadcasting is performed 
automatically by a broker whenever a change to said central database is made. 

49. (Previously added) The apparatus of claim 43, wherein said means for broadcasting 
includes means for publishing a broker event via a broker. 

50. (Previously added) An apparatus for locally processing an access request at a Points- 
Presence (PoP) in a computer network having other PoPs, said access request received from a 

NAS, the apparatus including: 

means for accessing a list of network access servers (NASes) known to the PoP and the 
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computer network, said list located locally at the PoP; and 

nxans for validating that said access request was received from a known entity by 
determining if an entry exists in said list for the NAS from which the access request was 

received 

51. (Previously added) The apparatus of claim 50, further including means for retrieving a 
user record from a database of user records located locally at said PoP, said database of user 
records containing records for only those users who have been identified as having the PoP as 
their home PoP. 

52. (Previously added) The apparatus of claim 50. wherein each entry in said list contains 
a field identifying a NAS and a field identifying a dictionary of attributes supported by the 

corresponding NAS. 

53. (Previously added) The apparatus of claim 52, wherein said dictionary of attributes is a 
RADIUS dictionary. 

54. (Previously added) The apparatus of claim 50, wherein said each entry in said list 

contains fields for 

a domain name of a NAS; 
a vendor name of said NAS; 

a shared secret between all known NASes and AAA servers in the network; and 

a dictionary name, said dictionary name indicating a dictionary of attributes supported by 

said NAS. 
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55 (Previouslyadded) Hie apparatus of claim 54. wherein said means for validating 
^eHncludesmeansforvaHdatin 

by detennining if the domain name that the access request was received from matches the 
domain name field of any entry in said list 

56. (Previously added) Tta apparatus of claim 55, wherein said means for validating 
further includes means for examining whether a password suppUed with said access request 
matches the sharedsecret field of a c^rrespondmg entry in said hst if the domain name that the 
access request was received from matches the domain name field of any entry in said list. 

57. (Previously added) The apparatus of claim 54, wherein said dictionary of attributes is a 
standard RADIUS dictionary. 

58. (Previously added) The apparatus of clan, 50, wherein s.d means for accessing and 
me ans for validating ate an Authentication, Authorization, and Accounting (AAA) server. 

59. (Previously added) The apparatus of claim 50, further including means for subscribing 
to a broker event to update said list whenever a NAS known to the computer network is added, 

deleted, or modified- 

60. (Previously added) An apparatus for handling an access request at a PoP. aid access 
revest general by a user logging on to said PoP, said user having a home PoP, the apparatus 

including: 

means for accessing a list of network access servers (NASes) known to the PoP and a 
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computer network containing the PoP, said list located locally at the PoP; 

means for validating that said access request was received from a known entity by 
determining if an entry exists in said list for the NAS from which the access request was 
received; 

means for determining if said user's home PoP is said PoP; 

means for forwarding said access request to an AAA server located at said PoP if said 

user's home PoP is said PoP; and 

means for relaying said access request to said user's home PoP if said user's home PoP is 

not said PoP. 

61. (Previously added) The apparatus of claim 60, wherein said means for determining, 
means for forwarding, and means for relaying are a Protocol Gateway. 

62. (Previously added) The apparatus of claim 60, wherein said means for detenmning 
includes means for examining a user name entered by said user. 

63. (Previously added) The apparatus of claim 62, wherein said means for determining 
further includes means for parsing said user name to reveal a PoP location indicated within said 
user name. 

64. (Previously added) The apparatus of claim 63, wherein said PoP location indicated 
within said user name is a city name as a prefix to said user name. 
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65. (Previously added) The apparatus of claim 63, wherein said PoP location indicated 
within said user name is an abbreviation for a city name contained within a domain name affixed 
to the end of said user name. 

66. (Previously added) The apparatus of claim 62, wherein said means for determining 
further includes means for parsing said user name to reveal a domain name, said domain name 
indicating an ISP in control of said home PoP. 
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